CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-10655
Medium

In Zephyr OS, a vulnerability in the asynchronous SNTP client (sntp_close_async) closes the UDP socket without synchronizing with the polling thread, leading to a use-after-free of the net_context structure. An attacker can trigger this by delaying or dropping SNTP responses, causing a crash of the networking thread (DoS) and potential memory corruption.

CVE-2026-10654
Low

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles simultaneous bidirectional session disconnects. When the local device initiates teardown (state BT_RFCOMM_STATE_DISCONNECTING) and the peer concurrently sends a DISC frame for dlci 0, rfcomm_handle_disc() calls rfcomm_session_disconnected(), which unconditionally forces the session to BT_RFCOMM_STATE_DISCONNECTED without calling bt_l2cap_chan_disconnect(). This permanently wedges the session: the L2CAP channel is never released and the session slot in bt_rfcomm_pool[] is never reclaimed.

CVE-2026-10653
Medium

The Zephyr net_buf library uses non-atomic operations on buffer reference counters, leading to double-free or free-list corruption under concurrent access (SMP or single-core preemption). This can cause heap metadata corruption and use-after-free, potentially allowing arbitrary code execution.

CVE-2026-48315
Critical

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and the scope is changed.

CVE-2026-48314
Medium

A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows bypassing path restrictions. An attacker can gain limited read and write access to unauthorized files or directories outside intended restrictions. Exploitation does not require user interaction.

CVE-2026-48313
Critical

A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows unauthorized file system read and limited write access outside the intended directory. An attacker can exploit this without user interaction, gaining access to sensitive files.

CVE-2026-48307
High

Reflected XSS vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier. An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. User interaction (clicking a malicious link) is required.

CVE-2026-48286
Critical

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction and the scope is changed.

CVE-2026-48285
High

An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.

CVE-2026-48283
Critical

A vulnerability in ColdFusion allows unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the scope is changed.

CVE-2026-48282
CriticalActively exploitedEPSS 87%

A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows a remote attacker to execute arbitrary code in the context of the current user without requiring user interaction. The issue stems from improper limitation of a pathname to a restricted directory.

CVE-2026-48281
CriticalEPSS 54%

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

CVE-2026-48277
CriticalEPSS 54%

A vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier is caused by improper input validation, potentially leading to remote arbitrary code execution in the context of the current user. Exploitation requires no user interaction and the scope is changed.

CVE-2026-48276
CriticalEPSS 56%

A vulnerability in ColdFusion allows unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and the scope is changed.

CVE-2026-44948
Medium

A path traversal vulnerability in the ImageScan subsystem of Rancher Fleet affects versions 0.12.0 to 0.12.16, 0.13.0 to 0.13.12, 0.14.0 to 0.14.7, and 0.15.0 to 0.15.3, allowing an attacker to traverse outside the intended directory and cause a denial of service.

CVE-2026-13455
Medium

A vulnerability in PostgreSQL Anonymizer allows unprivileged masked users to repeatedly call the anon.hash() function and collect (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt.

CVE-2026-48192
Medium

A vulnerability in Mendix Studio Pro arises from improper validation and sanitization of project files processed during the build pipeline. An attacker can trick a user into opening and running a specially crafted malicious project, leading to arbitrary code execution in the context of that user.

CVE-2026-44949
High

A vulnerability in Rancher FleetWorkspace allows an unauthenticated attacker with network access to the in-cluster rancher-webhook service to create workspace-related Kubernetes objects with attacker-chosen identity data. Affected versions are 0.7.0 to 0.7.10, 0.8.0 to 0.8.7, 0.9.0 to 0.9.6, and 0.10.0 to 0.10.7.

CVE-2026-44947
Medium

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

CVE-2026-27957
High

In Coolify prior to version 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH user on the managed server host.

PreviousPage 95 of 4495Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS